Custom headers giving CORS error in PHP
I am trying a REST-based cross-domain request. Both domains will be hosted on the same server.
domain1: the application that sends requests to the REST API on domain2
domain2: handles the REST API calls from domain1
Every REST API call carries some custom headers, which domain2 requires.
Now, when I call the REST API on domain2 via ajax, I get a CORS blocking error.
Below is the code I am trying:
PHP code for the sample API request on domain2:
class mytest {
    // Emit the CORS response headers and answer preflight (OPTIONS) requests.
    public function setOriginPolicy() {
        if (isset($_SERVER['HTTP_ORIGIN']) && $_SERVER['HTTP_ORIGIN'] == 'http://testdata.local') {
            header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
            header('Access-Control-Allow-Credentials: true');
            header('Access-Control-Max-Age: 86400'); // cache for 1 day
        }
        // Access-Control headers are received during OPTIONS requests
        if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
            if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
                header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
            }
            if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
                header("Access-Control-Allow-Headers:{$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
            }
            exit(0);
        }
    }

    public function testrequest() {
        $this->setOriginPolicy();
        $result['config_status'] = 1;
        $result['config_msg'] = "request ok";
        echo json_encode($result);
    }
}
AJAX call from domain1:
var url = "http://api.testdata.local/mytest/testrequest";
$.ajax({
    type: 'GET',
    url: url,
    async: true,
    crossDomain: true,
    //jsonpCallback: 'jsonCallback',
    contentType: "application/x-www-form-urlencoded",
    headers: {
        "API_KEY": "andapikey",
        "APP_VERSION": "1.0",
        "CONFIG_VERSION": "1.0",
        "AUTH_TOKEN": "4a6b1e610e81fa19c76a557049e9fa19"
    },
    /*beforeSend: function( xhr ) {
        xhr.setRequestHeader("API_KEY", "andapikey");
        xhr.setRequestHeader("APP_VERSION", "1.0");
        xhr.setRequestHeader("CONFIG_VERSION", "1.0");
        xhr.setRequestHeader("AUTH_TOKEN", "4a6b1e610e81fa19c76a557049e9fa19");
    },*/
    success: function(json) {
        console.log(json);
    },
    error: function(e) {
        console.log(e.message);
    }
});
If I disable the headers, I get the response.
Please suggest a solution.
Added the custom headers to the allow-origin headers in .htaccess.
Followed the link.
Special thanks to Benjamin.
Below is my .htaccess:
Header always set Access-Control-Allow-Origin "http://testdata.local"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin,API_KEY,APP_VERSION,CONFIG_VERSION,AUTH_TOKEN"
<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]
    # Redirect Trailing Slashes...
    RewriteCond %{REQUEST_METHOD} !OPTIONS
    RewriteRule ^(.*)/$ /$1 [L,R=301]
    # Handle Front Controller...
    RewriteCond %{REQUEST_METHOD} !OPTIONS
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>
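An added example, not part of the original posts: a simplified JavaScript model of the check a browser runs on the preflight (OPTIONS) reply, showing why every custom request header has to be named in Access-Control-Allow-Headers. The function names and header values are constructed for illustration, and the reply is modelled on the .htaccess above.

```javascript
// Added example: simplified model of a browser's CORS preflight check (not the full Fetch algorithm).
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// Split a comma-separated header value into lower-cased tokens.
const tokens = v => (v || "").split(",").map(t => t.trim().toLowerCase()).filter(Boolean);

// Names of request headers that are not CORS-safelisted and therefore need approval.
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (n === "content-type") return !SAFE_TYPES.has(value.split(";")[0].trim().toLowerCase());
    return !SAFE_HEADERS.has(n);
  }).map(([name]) => name.toLowerCase());
}

// req: {origin, method, headers, credentials}; res: {status, headers} of the OPTIONS reply.
function checkPreflight(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;
  if (res.status < 200 || res.status > 299) return "preflight status is not 2xx";
  const acao = h["access-control-allow-origin"];
  if (acao !== req.origin && !(acao === "*" && !req.credentials)) return "origin not allowed";
  if (req.credentials && h["access-control-allow-credentials"] !== "true") return "credentials not allowed";
  const methods = tokens(h["access-control-allow-methods"]);
  if (!SAFE_METHODS.has(req.method) && !methods.includes(req.method.toLowerCase())) return "method not allowed";
  const allowed = tokens(h["access-control-allow-headers"]);
  const wildcard = allowed.includes("*") && !req.credentials;
  const missing = unsafeHeaders(req.headers).filter(n => !wildcard && !allowed.includes(n));
  return missing.length ? "headers not allowed: " + missing.join(", ") : "ok";
}

// The page's request with constructed header values, and a reply modelled on the .htaccess.
const request = { origin: "http://testdata.local", method: "GET", credentials: false,
  headers: { "Content-Type": "application/x-www-form-urlencoded", API_KEY: "k",
             APP_VERSION: "1.0", CONFIG_VERSION: "1.0", AUTH_TOKEN: "t" } };
const htaccessReply = { status: 200, headers: {
  "Access-Control-Allow-Origin": "http://testdata.local",
  "Access-Control-Allow-Methods": "POST, GET, OPTIONS, DELETE, PUT",
  "Access-Control-Allow-Headers":
    "x-requested-with, Content-Type, origin,API_KEY,APP_VERSION,CONFIG_VERSION,AUTH_TOKEN" } };
// Constructed reply that omits the custom names from Access-Control-Allow-Headers.
const narrowReply = { status: 200, headers: { ...htaccessReply.headers,
  "Access-Control-Allow-Headers": "x-requested-with, Content-Type, origin" } };

console.log(checkPreflight(request, htaccessReply));
console.log(checkPreflight(request, narrowReply));
```

Setting credentials to true in the request makes the same reply fail, because the .htaccess sends no Access-Control-Allow-Credentials header.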
I closed the string assigned to url; hopefully that was not the problem.